Tuesday, September 27, 2011

Facebook Let's You Increase Security, If You Don't Use Chrome

Edit: After being schooled for shooting off a hasty post, this clearly isn't a Google specific problem.  I will keep up the previous post and Mea Culpa as a reminder for next time.  However, the larger issue is that in order to enable this security feature, which could cause you to lock yourself out of FB, instead of warning the user why this could cause problems or building a forgot your password recovery tool, FB chose to create require me NOT to clear my cookies.  It is a little ironic that by enabling device level security the trade off is allowing FB to track my activity via web/mobile device?

Facebook and Google don't like each other.  It's nothing new and it isn't going away.  In a big dollar, Highlander world, you do what you have to do.

Today, I was reviewing my privacy settings after the new FB release and I wanted to enable "Login Approvals", under the general settings>security tab.  After all, it's probably a good practice to ask for credentials when logging in from an unrecognized device.  By default, this setting is set to "Approval is not required".

After checking the box to enable the feature, I got this message:

After closing the box, the setting remains unchecked.  

I get it, I really do.  Facebook makes privacy hard because they don't believe we need it & it's bad for business.  I was unfriending people today and laughed when I realized FB didn't use check boxes to allow me to unfriend in mass.  To make it worse, I had to mouseover a box, scroll to the bottom of the list which was one space from a list of ~4 options, click & then confirm (via pop-up) each unfriend.  It's no secret security settings have always been unnecessarily difficult, but saying, "Want security?  Can't use Chrome!"  Sure, it's a swipe at Google, but it's a big FUCK YOU to all of us...your users...the ones that made you what you are today.  

Message to FB: I'm apart of the vocal minority that care about my privacy and browser choice, so ignoring me doesn't seem like a big deal.  There are 650+ million other users, who you are trying to earn revenue off of and most of them don't care.  But know this, I'm on every new social network, evangelizing and seeding the nascent community, just like I did for you FB.  I'm not asking for default privacy, b/c you err on the side of openness and that's your choice.  But this kinda shit drives me crazy and keeps me looking for somewhere better.



  1. I worked right next to the engineers who developed the login approvals feature, and overheard the discussions that led to this dialog - it was all about making it hard for people to mistakenly lock themselves out of their accounts because they use frequent cookie cleaners.

    You can imagine the fallout when someone turns on this feature and then can't get back into their account, or who has to receive a text message every time they log in, even from the same machine/browser.

    The source code does not call out Chrome in particular - the code looks something like (it also does translation):

    Your current {$browser_name} settings might make it hard to use login approvals.

  2. I'm not above admitting I was wrong. There's a new edit at the top of the page. Feel free to correct my other assumption, which is, by NOT clearing my cookies to get device level security-FB gets access to my browsing data through cookie tracking.

  3. Yeah right...

    You know, there are other websites with such authentication, like google accounts.

    NEVER had this issue..